activemq-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bruce Snyder" <bruce.sny...@gmail.com>
Subject Re: Securing the web console impossible?
Date Fri, 18 Apr 2008 21:41:13 GMT
On Fri, Apr 18, 2008 at 3:22 PM, j0llyr0g3r
<timo.roessner@wincor-nixdorf.com> wrote:
>
>  Hey folks,
>
>  i am desperately trying to find out how to configure a simple access control
>  for the web console, but this is simply not documented......
>
>  The documentation here: http://activemq.apache.org/web-console.html
>  refers to a separate jetty instance, not to the integrated jetty.
>
>  That's when i thought
>
>   "ok, it's simply not possible using the integrated jetty"
>
>  but then i stumbled over this peace of user-submitted configuration example:
>  http://activemq.apache.org/user-submitted-configurations.html
>
>  This looks really good:
>
>   <!-- Web Console.  Auth is via JAAS.  Beware: jetty-plus-6.1.4.jar contains
>  the
>        JAAS classes, and is not included with ActiveMQ.  You need to
>  download
>        separately.  Web Console queue browser will fail, as it tries to use
>  JMS
>        to browse the queue, and that requires a password.
>   -->
>
>   <jetty xmlns="http://mortbay.com/schemas/jetty/1.0">
>     <connectors>
>       <nioConnector port="8161" />
>     </connectors>
>
>     <userRealms>
>       <!-- "name" must match the realm in web.xml, and "loginModuleName"
>  must be defined in login.conf -->
>       <jaasUserRealm name="ActiveMQ" loginModuleName="ActiveMQ"
>
>  callbackHandlerClass="org.mortbay.jetty.plus.jaas.callback.DefaultCallbackHandler"
>  />
>     </userRealms>
>
>     <handlers>
>       <webAppContext contextPath="/admin"
>  resourceBase="${activemq.base}/webapps/admin" logUrlOnStart="true" />
>     </handlers>
>   </jetty>
>
>  But unfortunately, it lacks important information:
>
>  <userRealms>
>       <!-- "name" must match the realm in web.xml, and "loginModuleName"
>  must be defined in login.conf -->
>
>  Defining a realm in the web.xml is ok, but what about the "login.conf"?
>
>  Where should i place this file?

The login.conf file is pointed to by a system property named
java.security.auth.login.config as in:

-Djava.security.auth.login.config=login.conf

>  What should its content look like?

Follow the rules specified in the Javadoc for the Java Security
Configuration object here:

http://java.sun.com/j2se/1.5.0/docs/api/javax/security/auth/login/Configuration.html

>  What "loginModuleName" should i specify?

You can specify any string as the loginModuleName. The important part
is that the realm-name in the web.xml and the loginModuleName in the
Jetty config match exactly.

Bruce
-- 
perl -e 'print unpack("u30","D0G)U8V4\@4VYY9&5R\"F)R=6-E+G-N>61E<D\!G;6%I;\"YC;VT*"
);'

Apache ActiveMQ - http://activemq.org/
Apache Camel - http://activemq.org/camel/
Apache ServiceMix - http://servicemix.org/
Apache Geronimo - http://geronimo.apache.org/

Blog: http://bruceblog.org/

Mime
View raw message